MSIL/Injector.SCX [Threat Name] go to Threat

MSIL/Injector.SCX [Threat Variant Name]

Category trojan
Size 1616384 B
Detection created May 04, 2017
Detection database version 15363
Short description

The trojan has a simple payload.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows NT\­CurrentVersion\­Winlogon]
    • "Shell" = "explorer.exe, %malwarefilepath%"
Other information

The trojan runs the following process:

  • %malwarefilepath%

The trojan creates and runs a new thread with its own program code within the following processes:

  • %malwarefilepath%

The trojan may create the following files:

  • %temp%\­Protect7d723a8e.dll (678912 B)
  • %temp%\­Protect08dfad3a.dll (745984 B)

The trojan may display a fake error message:

  • A Bootable Device Has Not Been Detected.€@

The trojan displays the following message:

Trojan requires the Microsoft .NET Framework to run.

Please enable Javascript to ensure correct displaying of this content and refresh this page.